[lfs-support] 6.06 Creating Essential Files and Symlinks
After installing OpenSSH, I'm seeing errors like this:

    sshd[1226]: Excess permission or bad ownership on file /var/log/btmp

Quick google turns up:

https://issues.rpath.com/browse/RPL-1825

TL;DR - I think we ought to change the last few lines from this:

    touch /var/run/utmp /var/log/{btmp,lastlog,wtmp}
    chgrp -v utmp /var/run/utmp /var/log/lastlog
    chmod -v 664 /var/run/utmp /var/log/lastlog

to this:

    touch /var/run/utmp /var/log/{btmp,lastlog,wtmp}
    chgrp -v utmp /var/run/utmp /var/log/{lastlog,btmp}
    chmod -v 664 /var/run/utmp /var/log/lastlog
    chmod -v 0600 /var/log/btmp

Does anyone see an issue with changing the group and perms of /var/log/btmp to fit SSH's expectations?

Q

--
http://linuxfromscratch.org/mailman/listinfo/lfs-support
FAQ: http://www.linuxfromscratch.org/lfs/faq.html
Unsubscribe: See the above information page
Re: [lfs-support] 6.06 Creating Essential Files and Symlinks
On Mon, 13 Feb 2012 04:01:55 -0800 Qrux qrux@gmail.com wrote:

> After installing OpenSSH, I'm seeing errors like this:
>
>     sshd[1226]: Excess permission or bad ownership on file /var/log/btmp
>
> Quick google turns up:
>
> https://issues.rpath.com/browse/RPL-1825
>
> TL;DR - I think we ought to change the last few lines from this:
>
>     touch /var/run/utmp /var/log/{btmp,lastlog,wtmp}
>     chgrp -v utmp /var/run/utmp /var/log/lastlog
>     chmod -v 664 /var/run/utmp /var/log/lastlog
>
> to this:
>
>     touch /var/run/utmp /var/log/{btmp,lastlog,wtmp}
>     chgrp -v utmp /var/run/utmp /var/log/{lastlog,btmp}
>     chmod -v 664 /var/run/utmp /var/log/lastlog
>     chmod -v 0600 /var/log/btmp
>
> Does anyone see an issue with changing the group and perms of /var/log/btmp to fit SSH's expectations?

I agree, if we create /var/log/btmp it should be chmod 600, but I wonder, do we need it? Does anything use it?

Andy
Re: [lfs-support] 6.06 Creating Essential Files and Symlinks
Andrew Benton wrote:

> On Mon, 13 Feb 2012 04:01:55 -0800 Qrux qrux@gmail.com wrote:
>
> > After installing OpenSSH, I'm seeing errors like this:
> >
> >     sshd[1226]: Excess permission or bad ownership on file /var/log/btmp
> >
> > Quick google turns up:
> >
> > https://issues.rpath.com/browse/RPL-1825
> >
> > TL;DR - I think we ought to change the last few lines from this:
> >
> >     touch /var/run/utmp /var/log/{btmp,lastlog,wtmp}
> >     chgrp -v utmp /var/run/utmp /var/log/lastlog
> >     chmod -v 664 /var/run/utmp /var/log/lastlog
> >
> > to this:
> >
> >     touch /var/run/utmp /var/log/{btmp,lastlog,wtmp}
> >     chgrp -v utmp /var/run/utmp /var/log/{lastlog,btmp}
> >     chmod -v 664 /var/run/utmp /var/log/lastlog
> >     chmod -v 0600 /var/log/btmp
> >
> > Does anyone see an issue with changing the group and perms of /var/log/btmp to fit SSH's expectations?
>
> I agree, if we create /var/log/btmp it should be chmod 600, but I wonder, do we need it? Does anything use it?

The command 'lastb' uses btmp. I changed the permissions in svn.

-- Bruce
Re: [lfs-support] 6.06 Creating Essential Files and Symlinks
On Mon, 13 Feb 2012 13:23:48 -0600 Bruce Dubbs bruce.du...@gmail.com wrote:

> The command 'lastb' uses btmp.

It's true lastb can use /var/log/btmp, but only to read its contents. If nothing in LFS is writing to the file, do we need to create it in LFS? Wouldn't it be more sensible to create it in BLFS, on the ssh page?

Andy
Re: [lfs-support] 6.06 Creating Essential Files and Symlinks
On Feb 13, 2012, at 4:07 PM, Andrew Benton wrote:

> On Mon, 13 Feb 2012 13:23:48 -0600 Bruce Dubbs bruce.du...@gmail.com wrote:
>
> > The command 'lastb' uses btmp.
>
> It's true lastb can use /var/log/btmp, but only to read its contents. If nothing in LFS is writing to the file, do we need to create it in LFS? Wouldn't it be more sensible to create it in BLFS, on the ssh page?

It's not just about readers. It's also about writers.

    /var/log/btmp: Log of all attempted bad logins to the system. Accessed via the lastb command.

Empirical testing shows that login writes to btmp. I infer, from that description given at TLDP, that everything that logs a bad-login attempt (e.g., login) ought to be writing to this file. It is NOT an SSH-specific thing.

I assumed that since LFS was creating it in the first place, that LFS was the right place to keep it. Unfortunately, the default LFS perms break downstream assumptions about /var/log/btmp, and that's what's being fixed.

Q
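
An audit of the group and modes proposed in this thread, as an added example that is not part of the original messages or of the LFS book: it checks /var/run/utmp and /var/log/lastlog for mode 664 and /var/log/btmp for mode 600, all with group utmp. The function names and the optional ROOT prefix are hypothetical, and GNU stat (`-c`) is assumed.

```shell
#!/bin/sh
# Added example: audit login-record files against the group and modes
# proposed in the thread. Assumes GNU stat (-c format option).

# audit_file PATH WANT_MODE WANT_GROUP
# Prints one line per finding; returns 0 if the file matches, 1 otherwise.
audit_file() {
    path=$1 want_mode=$2 want_group=$3
    if [ ! -e "$path" ]; then
        echo "MISSING  $path"
        return 1
    fi
    # A symlink or non-regular file here is never what the book creates.
    if [ -L "$path" ] || [ ! -f "$path" ]; then
        echo "NOTFILE  $path (symlink or not a regular file)"
        return 1
    fi
    mode=$(stat -c '%a' "$path")    # octal permission bits, e.g. 644
    group=$(stat -c '%G' "$path")   # group name
    rc=0
    if [ "$mode" != "$want_mode" ]; then
        echo "MODE     $path is $mode, want $want_mode"
        rc=1
    fi
    if [ "$group" != "$want_group" ]; then
        echo "GROUP    $path is $group, want $want_group"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK       $path ($mode, $group)"
    fi
    return "$rc"
}

# audit_login_records [ROOT]
# ROOT is a hypothetical prefix for auditing a tree other than "/".
# wtmp is skipped: the thread touches it but sets no mode or group on it.
audit_login_records() {
    root=${1:-}
    fail=0
    audit_file "$root/var/run/utmp"    664 utmp || fail=1
    audit_file "$root/var/log/lastlog" 664 utmp || fail=1
    audit_file "$root/var/log/btmp"    600 utmp || fail=1
    return "$fail"
}
```

Source the file and call `audit_login_records` on the finished system; a non-zero return means at least one file differs from the proposed state.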